Getting the Customer Involved in Fraud Prevention

Banks need to get their customers actively involved in their fraud prevention efforts as customers may be willing to switch institutions if they feel left in the dark about those efforts.

Fraud prevention has emerged as one of the leading uses for data analysis among banks, with more banks interested in big data initiatives to protect against fraud than any other area of use, according to aMicrosoft survey from this past April. An Infosys consumer survey released last week also found that 87% bank customers now expect their institutions to mine their personal data to protect them from fraudsters.

A third of the customers in the Infosys survey also said that they didn’t believe that their bank had a process for dealing with fraudulent transactions, indicating that customers don’t know enough about their banks fraud prevention efforts. Customers want to know how their bank is protecting them and communicating with them through alerts can help fulfill that need.

Using predictive analytics to protect against fraud can help banks get their customers involved in their fraud prevention efforts by training models built on customer behavior to find suspicious transactions, says Jeroen Dekker, a product manager for risk management solutions at Fiserv.

Previously banks relied on set rules and limits for authorizing transactions, and it wasn’t hard for fraudsters to figure out that a bank would review any transaction above a certain amount, Dekker points out. Utilizing data driven models and predictive analytics allows banks to find suspicious transactions based on the customer’s purchasing patterns rather than pre-determined rules. This makes it harder for the fraudsters to know which transactions the bank is going to zero in on, and it allows the bank to then follow up with the customer if need be to get additional authorization for a suspicious transaction.

“Instead of making a black and white binary decision [whether to complete a transaction] banks now have a gray area [where they might not be sure if the transaction is legitimate]. You can then challenge the transaction and, increasingly, screens can prompt the customer for extra information for authentication,” Dekker says. “The customers knows the bank is looking after them and it allows the bank to add extra security with a light touch.”

Banks need to let customers know that they are looking over their shoulder to protect them, and prompting the customer to enter the answer to a security question or PIN number can do so without turning off the customer. Fraud prevention could become a competitive advantage for institutions moving forward, as Infosys’ survey found that 83% of the respondents said they would switch banks if they were offered assurances regarding the safety of their money and data. Fighting fraud isn’t enough anymore for banks; the customer needs to know what the bank is doing to fight fraud and be involved in that process.

Jonathan Camhi has been an associate editor with Bank Systems & Technology since 2012. He previously worked as a freelance journalist in New York City covering politics, health and immigration, and has a master's degree from the City University of New York's Graduate School ... View Full Bio

A lot of the big institutions are already ahead of the game on this but many smaller banks haven't been able to invest in the infrastructure and staff to support a data and analytics approach to fraud prevention. The issue you bring up about card issuers not being able to control what goes on at the merchant's end is a good point. It'll be interesting to see what happens with the EMV deadlines approaching, and the responsibility moves from the issuer to the merchant if the merchant doesn't adopt EMV. The merchants are going to have to either pony up for the hardware upgrade or take over the fraud charges that the issuers have been responsible for.

This is old news. Card issuers have been doing this for years. I work in the industry and we use dozens of individual patterns to evaluate if a transaction is likely normal or fraud.

The point everyone is missing is that the cardholder has very little ability to protect themselves from most fraud because most of the time it's security breaches into poorly protected merchant systems that create the problem in the first place.

Merchants have a lot of liability protections to avoid chargebacks and losses from fraud. The irony here is the card issuer is usually the one that takes the losses for fraud, yet the card issuer has no control of the cardholder or the merchant's security practices.

Also, the card issuer does not control whether passwords or PINs are used to verify a cardholder. It is up to the merchant or the processing network if those controls are available or even turned on. Additionally, in order for any verification control to work, every card processor must be able to support it.

It's not as easy as it sounds to "just add security," which is why it takes years and years for standards to be created, software updated, and POS devices replaced to support new security standards.